|
|
Posted by Philip Ronan on 09/08/05 02:55
"tom pester" wrote:
> Hi Phil,
>
>> On the other hand, extracting two numbers from the HTML source of a
>> web page and adding them together is ridiculously easy. A combination
>> of file_get_contents() and simple string matching is all you need.
>
> My point is that there is no real difference between the turing numbers and
> the addition other than turing number are more difficult to read (fo now).
This took 2 minutes to write:
=====================================================
$s = file_get_contents("http://thereference.dyndns.org:30000/MailPage.php");
$re = "/much is ([0-9]+) \+ ([0-9]+) .* humanGuid" value="([^"]+)"/m";
if (preg_match($re,$s,$m)) {
echo 'Access code = ' . (1*$m[1]+1*$m[2]) . '\r\n';
echo 'Session ID = ' . $m[3];
} else echo "Couldn't find numbers";
=====================================================
Now I have the answer to your addition sum, and the session ID from your
"hidden" field. That wasn't difficult, was it?
Turing numbers are nowhere near as vulnerable. Implemented properly, they
are impossible for computers to read successfully without a lot of hard work
targeted at each specific implementation.
--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/
Navigation:
[Reply to this message]
|